Commit | Line | Data |
---|---|---|
805e021f CE |
1 | =head1 NAME |
2 | ||
3 | bos_setauth - Sets authorization checking requirements for all server processes | |
4 | ||
5 | =head1 SYNOPSIS | |
6 | ||
7 | =for html | |
8 | <div class="synopsis"> | |
9 | ||
10 | B<bos setauth> S<<< B<-server> <I<machine name>> >>> S<<< B<-authrequired> (on | off) >>> | |
11 | S<<< [B<-cell> <I<cell name>>] >>> [B<-noauth>] [B<-localauth>] [B<-help>] | |
12 | ||
13 | B<bos seta> S<<< B<-s> <I<machine name>> >>> S<<< B<-a> (on | off) >>> | |
14 | S<<< [B<-c> <I<cell name>>] >>> [B<-n>] [B<-l>] [B<-h>] | |
15 | ||
16 | =for html | |
17 | </div> | |
18 | ||
19 | =head1 DESCRIPTION | |
20 | ||
21 | The B<bos setauth> command enables or disables authorization checking on | |
22 | the server machine named by the B<-server> argument. When authorization | |
23 | checking is enabled (the normal case), the AFS server processes running on | |
24 | the machine verify that the issuer of a command meets its privilege | |
25 | requirements. When authorization checking is disabled, server processes | |
26 | perform any action for anyone, including the unprivileged user | |
27 | C<anonymous>; this security exposure precludes disabling of authorization | |
28 | checking except during installation or emergencies. | |
29 | ||
30 | To indicate to the server processes that authorization checking is | |
31 | disabled, the BOS Server creates the zero-length file | |
32 | F</usr/afs/local/NoAuth> on its local disk. All AFS server processes | |
33 | constantly monitor for the F<NoAuth> file's presence and do not check for | |
34 | authorization when it is present. The BOS Server removes the file when | |
35 | this command is used to re-enable authorization checking. | |
36 | ||
37 | =head1 CAUTIONS | |
38 | ||
39 | Do not create the F<NoAuth> file directly, except when directed by | |
40 | instructions for dealing with emergencies (doing so requires being logged | |
41 | in as the local superuser C<root>). Use this command instead. | |
42 | ||
43 | =head1 OPTIONS | |
44 | ||
45 | =over 4 | |
46 | ||
47 | =item B<-server> <I<machine name>> | |
48 | ||
49 | Indicates the server machine on which to enable or disable authorization | |
50 | checking. Identify the machine by IP address or its host name (either | |
51 | fully-qualified or abbreviated unambiguously). For details, see L<bos(8)>. | |
52 | ||
53 | =item B<-authrequired> (on | off) | |
54 | ||
55 | Enables authorization checking if the value is C<on>, or disables it if | |
56 | the value is C<off>. | |
57 | ||
58 | =item B<-cell> <I<cell name>> | |
59 | ||
60 | Names the cell in which to run the command. Do not combine this argument | |
61 | with the B<-localauth> flag. For more details, see L<bos(8)>. | |
62 | ||
63 | =item B<-noauth> | |
64 | ||
65 | Assigns the unprivileged identity C<anonymous> to the issuer. Do not | |
66 | combine this flag with the B<-localauth> flag. For more details, see | |
67 | L<bos(8)>. | |
68 | ||
69 | =item B<-localauth> | |
70 | ||
71 | Constructs a server ticket using a key from the local | |
72 | F</usr/afs/etc/KeyFile> or F</usr/afs/etc/KeyFileExt> file. | |
73 | The B<bos> command interpreter presents the | |
74 | ticket to the BOS Server during mutual authentication. Do not combine this | |
75 | flag with the B<-cell> or B<-noauth> options. For more details, see | |
76 | L<bos(8)>. | |
77 | ||
78 | =item B<-help> | |
79 | ||
80 | Prints the online help for this command. All other valid options are | |
81 | ignored. | |
82 | ||
83 | =back | |
84 | ||
85 | =head1 EXAMPLES | |
86 | ||
87 | The following example disables authorization checking on the machine | |
88 | C<fs7.example.com>: | |
89 | ||
90 | % bos setauth -server fs7.example.com -authrequired off | |
91 | ||
92 | =head1 PRIVILEGE REQUIRED | |
93 | ||
94 | The issuer must be listed in the F</usr/afs/etc/UserList> file on the | |
95 | machine named by the B<-server> argument, or must be logged onto a server | |
96 | machine as the local superuser C<root> if the B<-localauth> flag is | |
97 | included. | |
98 | ||
99 | =head1 SEE ALSO | |
100 | ||
101 | L<KeyFile(5)>, | |
102 | L<KeyFileExt(5)>, | |
103 | L<NoAuth(5)>, | |
104 | L<UserList(5)>, | |
105 | L<bos(8)>, | |
106 | L<bos_restart(8)> | |
107 | ||
108 | =head1 COPYRIGHT | |
109 | ||
110 | IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. | |
111 | ||
112 | This documentation is covered by the IBM Public License Version 1.0. It was | |
113 | converted from HTML to POD by software written by Chas Williams and Russ | |
114 | Allbery, based on work by Alf Wachsmann and Elizabeth Cassell. |
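
Because the F<NoAuth> file described under DESCRIPTION is the only signal that authorization checking is off, its presence is worth monitoring on every server machine. The shell check below is an added example, not part of this man page or of the AFS distribution; the function name C<check_noauth>, its return codes and its message format are assumptions made for illustration, and only the path F</usr/afs/local/NoAuth> comes from the page.

```shell
#!/bin/sh
# Added example (not from the AFS distribution): report whether the NoAuth
# marker file is present in the AFS local directory of this server machine.
# Return codes (constructed for this example):
#   0  marker absent, authorization checking enabled
#   1  marker present as a zero-length regular file (the form the BOS Server creates)
#   2  marker present in any other form (not what "bos setauth" produces)

check_noauth() {
    dir=${1:-/usr/afs/local}      # default path taken from the page
    marker=$dir/NoAuth

    # Nothing at that path at all, not even a dangling symlink.
    if [ ! -e "$marker" ] && [ ! -L "$marker" ]; then
        echo "OK: $marker absent, authorization checking enabled"
        return 0
    fi

    # Record owner, size and modification time for the alert.
    detail=$(ls -ld "$marker" 2>/dev/null)

    # The page states that server processes skip authorization checks while
    # the file is present, and that the BOS Server creates it with zero length.
    if [ -f "$marker" ] && [ ! -L "$marker" ] && [ ! -s "$marker" ]; then
        echo "ALERT: $marker present, authorization checking DISABLED: $detail"
        return 1
    fi

    # Non-empty file, symlink, directory, etc.: likely created by hand,
    # which the CAUTIONS section warns against outside emergencies.
    echo "ALERT: $marker present in unexpected form: $detail"
    return 2
}

# Run as "sh script.sh --check [dir]" from cron or a monitoring agent;
# the exit status is the return code documented above.
if [ "${1:-}" = "--check" ]; then
    check_noauth "${2:-}"
    exit $?
fi
```

A nonzero exit outside a planned installation or emergency window means the machine is performing actions for any caller, including C<anonymous>, until C<bos setauth -authrequired on> is issued.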